Web application abuses : Moodle CMS <= 3.1.12, 3.2.x, 3.3.x <= 3.3.6, 3.4.x <= 3.4.3, 3.5.0 Multiple Vulnerabilities (Windows)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.113229

Categoría: Web application abuses

Título: Moodle CMS <= 3.1.12, 3.2.x, 3.3.x <= 3.3.6, 3.4.x <= 3.4.3, 3.5.0 Multiple Vulnerabilities (Windows)

Resumen: Moodle CMS is prone to multiple vulnerabilities.

Descripción: Summary:
Moodle CMS is prone to multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- It's possible for the core_course_get_categories web service
to return hidden categories, which should be omitted when fetching course categories.

- When a quiz question bank is imported, it is possible for the question preview
that is displayed to execute JavaScript that is written into the question bank.

Affected Software/OS:
Moodle CMS through version 3.1.12, 3.2.0 through 3.3.6, 3.4.0 through 3.4.3 and 3.5.0.

Solution:
Update to version 3.1.13, 3.3.7, 3.4.4 or 3.5.1 respectively.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-10890
Common Vulnerability Exposure (CVE) ID: CVE-2018-10891

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.113229
Categoría:	Web application abuses
Título:	Moodle CMS <= 3.1.12, 3.2.x, 3.3.x <= 3.3.6, 3.4.x <= 3.4.3, 3.5.0 Multiple Vulnerabilities (Windows)
Resumen:	Moodle CMS is prone to multiple vulnerabilities.
Descripción:	Summary: Moodle CMS is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - It's possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course categories. - When a quiz question bank is imported, it is possible for the question preview that is displayed to execute JavaScript that is written into the question bank. Affected Software/OS: Moodle CMS through version 3.1.12, 3.2.0 through 3.3.6, 3.4.0 through 3.4.3 and 3.5.0. Solution: Update to version 3.1.13, 3.3.7, 3.4.4 or 3.5.1 respectively. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10890 Common Vulnerability Exposure (CVE) ID: CVE-2018-10891
Copyright	Copyright (C) 2018 Greenbone Networks GmbH